MERCUSYS WPA2 Security (KRACKs) Vulnerability Statement
MERCUSYS is aware of vulnerabilities in the WPA2 security protocol that affect some MERCUSYS products. An attacker within the wireless range of a Wi-Fi network can exploit these vulnerabilities using key reinstallation attacks (KRACKs). According to the research paper on KRACKs by Mathy Vanhoef that brought this vulnerability to the attention of vendors, the attack targets the WPA2 handshake and does not exploit access points, but instead targets clients. All vulnerabilities can be fixed through software updates since the issues are related to implementation flaws.
Mercusys have been working to solve this problem and will continue to post software updates on our website: https://www.mercusys.com .
More information about KRACK can be found through the link: https://www.krackattacks.com.
Conditions under which devices are vulnerable:
● Physical proximity: An attack can only happen when an attacker is in physical proximity to and within wireless range of your network.
● Time window: An attack can only happen when a client is connecting or reconnecting to a Wi-Fi network.
Unaffected Mercusys products:
Routers working in their default mode (Router Mode):
MW155R, MW305R, MW325R, AC12
Affected Mercusys products:
Routers (affected only when WDS bridging function enabled, which default disabled):
MW155R, MW305R, MW325R, AC12
How to protect your devices
Until a software update is available to eliminate the vulnerability for your product, it is recommended to take the following precautions:
For wireless routers: Make sure your router’s WDS bridging function is disabled, and patch the operating system of your smartphones, tablets, and computers.
For wireless adapters and Range Extenders: Patch the operating system of your computers.
Microsoft security update: Microsoft has fixed such security issues as mentioned in https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
Mercusys has been working on affected models and will release firmware over the next few weeks on our official website.
Associated CVE identifiers
The following Common Vulnerabilities and Exposures (CVE) identifiers have been assigned to track which products are affected by specific types of key reinstallation attacks:
1. CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake
2. CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake
3. CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake
4. CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake
5. CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
6. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it
7. CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake
8. CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
9. CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
10. CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
WPA2 vulnerabilities will remain if you do not take all recommended actions. Mercusys cannot bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.